Security Requirements and Risks


Submitted By walshfam4
Words 763
Pages 4
Security Requirements and Risks Paper

Many businesses, such as Huffman Trucking, complete risk reviews to determine the quantity of threats that may affect their company and to discover ways of dealing with them before a huge tragedy takes place. Risks include hypothetical efficiency of loss of impact, security measures, vulnerabilities and threats that are widespread in today's world. Huffman Trucking sticks to procedures and guidelines that are overseen by dealings by which the organization assesses and handles its exposure to risk.

Nearly all businesses cope with some risk, or possible risk, that could deal a giant blow to their business. These threats and risks typically come from outside or within the organization. To prepare for the worst that may occur, corporations should focus on how to assess the different types of risk so they can shield themselves from the damage those risks cause.

The first security risk that needs to be looked into is the usernames and passwords that are assigned to each user. Some cons of password security are listed here: Do not choose a password that has to do with family, name, or any personal information that anyone could figure out easily. Writing passwords down gives others easy access to your personal information. If needed, write it down and put it in a safe place where no one is able to find it. Some pros of password security are: Make sure to use a password if sharing a computer with a co-worker. Not having a password gives others easy access to personal information, and allows deletion of files or even use of your account. Using different passwords for different things is something everyone should do to avoid easy access by co-workers. Change passwords at work every two months and make sure the system does…...
